HTTP: VMware vCenter Server Remote Code Execution

This signature detects attempts to exploit a known vulnerability in VMware vCenter Server. A successful attack can lead to arbitrary code execution.

Extended Description

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Affected Products

VMware vcenter_server

Short Name
HTTP:CTS:VMWARE-VCNTR-RCE
Severity
Critical
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2021-21985 Code Execution Remote Server VMware vCenter
Release Date
06/23/2021
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version
3693
False Positive
Rarely
Vendors

VMware

CVSS Score

10.0
